Syber Group

Mozilla Fixes Major Security Issues

July 26, 2012 by  
Filed under Around The Net


Mozilla has fixed a number of security vulnerabilities in the latest versions of its internet applications, including Firefox 14, Thunderbird 14 and SeaMonkey 2.11.

Following the release of its Firefox 14 browser for desktop operating systems on Tuesday, Mozilla said it has removed security holes in the Gecko rendering engine that all of these applications run on, some of which it rated as “critical”.

The bugs fixed included a code execution problem related to javascript: URLs, a JSDependentString::undepend string conversion bug that can be exploited to cause a crash, and a same-compartment Security Wrappers bypass issue.

Critical use-after-free problems, an out-of-bounds read bug, and a bad cast in the Gecko engine that could lead to memory corruption have also been addressed, Mozilla said.

These bugs were deemed “critical” because they could be exploited remotely by hackers to execute arbitrary code on an unsuspecting victim’s system.


Patches Released For Firefox and Thunderbird

October 4, 2011 by  
Filed under Internet


The release of Firefox 7 is important because the new version features better memory management and is the first step in Mozilla’s long-term plan to make the browser more resource-friendly.

Nevertheless, users who upgrade to it will also benefit from improved security as this release fixes six critical and two moderate severity security vulnerabilities.

Four of the critical patches are shared with Thunderbird 7 and address a use-after-free condition with OGG headers, an exploitable crash in the YARR regular expression library, a code installation quirk involving the Enter key and multiple memory hazards.

A moderate severity patch that provides defence against multiple Location headers caused by CRLF injection attacks is also common to both products.

In addition to these patches, Firefox 7 also contains fixes for two critical vulnerabilities and one moderate severity vulnerability, with one of them resulting in a potentially exploitable WebGL crash.

It’s worth pointing out that Microsoft previously justified its decision not to include support for WebGL in Internet Explorer by saying that the 3D graphics library opens a large attack surface.

So far several serious vulnerabilities have been identified and patched in WebGL, which partially supports Microsoft’s assessment, but the library’s supporters claim this is no different than with other technologies.

Firefox 7 also updates WebSocket, a protocol disabled in the past because of security issues, to version 8, which is no longer vulnerable to known attacks.
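The multiple-Location-header defence mentioned above can be illustrated with a short added example (not Mozilla's code and not from the original article). It assumes a server that copies a redirect target into the Location header, shows the server-side fix, and shows a client-side check that refuses a response carrying conflicting Location values; all function names and inputs are constructed for illustration.

```python
import re
from typing import Optional

CRLF = re.compile(r"[\r\n]")

class AmbiguousRedirect(Exception):
    """Raised when a response carries conflicting Location headers."""

def build_redirect_vulnerable(target: str) -> bytes:
    # Server-side bug: the caller's value is copied into the header unchanged,
    # so an embedded CR/LF ends the header line and starts a new one.
    return (f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n"
            "Content-Length: 0\r\n\r\n").encode("latin-1")

def build_redirect_hardened(target: str) -> bytes:
    # Server-side fix: refuse any CR or LF in a header value.
    if CRLF.search(target):
        raise ValueError("CR/LF in redirect target")
    return build_redirect_vulnerable(target)

def redirect_target(raw: bytes) -> Optional[str]:
    """Client-side check: return the single Location value, or raise.

    Assumed policy for this example: identical repeats are tolerated,
    differing values are treated as an error instead of picking one.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    locations = set()
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            locations.add(value.strip())
    if len(locations) > 1:
        raise AmbiguousRedirect(sorted(locations))
    return locations.pop() if locations else None

# Constructed input: a value that carries a second Location header.
INJECTED = "/home\r\nLocation: https://other.example/"

if __name__ == "__main__":
    print(redirect_target(build_redirect_vulnerable("/home")))
    try:
        redirect_target(build_redirect_vulnerable(INJECTED))
    except AmbiguousRedirect as exc:
        print("rejected:", exc)
```

Without the client-side check, which Location header wins depends on the HTTP client, which is why the same injected response can behave differently from one browser to another.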


Google Moves Quickly To Plug Data Leaks

May 24, 2011 by  
Filed under Smartphones


Google confirmed that it’s starting to roll out a server-side patch for a security vulnerability in most Android phones that could allow hackers to access important credentials at public Wi-Fi hotspots.

“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” said a Google spokesman in an emailed statement. “This fix requires no action from users and will roll out globally over the next few days.”

Google will apparently apply the fix to its servers since it does not need to push out an over-the-air update to Android phones.

Experts applauded Google’s fast reaction.

“It’s impressive how quickly Google fixed this,” said Kevin Mahaffey, chief technology officer and a co-founder of San Francisco-based mobile security firm Lookout. “Google’s security team, especially on Android, is very, very quick to deal with issues.”

Whatever Google is implementing will shut the security hole that three German researchers publicized last week.

According to the University of Ulm researchers, who tested another researcher’s contention last February that Android phones sent authentication data in the clear, hackers could easily spoof a Wi-Fi hotspot — in a public setting such as an airport or coffee shop — then snatch information that users’ phones transmitted during synchronization.

In Android 2.3.3 and earlier, the phone’s Calendar and Contacts apps transmit information via unencrypted HTTP, then retrieve an authentication token from Google. Hackers could eavesdrop on the HTTP traffic at a public hotspot, lift authentication tokens and use them for up to two weeks to access users’ Web-based calendars, their contacts and also the Picasa photo storage and sharing service.
